Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/209544-7bf2-4e13-87e6-be026bf67163/1/vzqHQtSs2Ll17kIhzu7i4Fx0bM4.roa
File:                     vzqHQtSs2Ll17kIhzu7i4Fx0bM4.roa (raw, json)
Hash identifier:          4hxhXTGo/RdAHHLFg4G4QRq2OAlSa5hX9QYk/Am2sj4=
Subject key identifier:   BF:3A:87:42:D4:AC:D8:B9:75:EE:42:21:CE:EE:E2:E0:5C:74:6C:CE
Certificate issuer:       /CN=b72dfb12727e4600ca2f0191b7d1a023532e72c0
Certificate serial:       019CE5FDF1BE9ECB5B5B5C912D1459EE0239
Authority key identifier: B7:2D:FB:12:72:7E:46:00:CA:2F:01:91:B7:D1:A0:23:53:2E:72:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ty37EnJ-RgDKLwGRt9GgI1MucsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/209544-7bf2-4e13-87e6-be026bf67163/1/vzqHQtSs2Ll17kIhzu7i4Fx0bM4.roa
Signing time:             Fri 13 Mar 2026 06:59:10 +0000
ROA not before:           Fri 13 Mar 2026 06:59:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206548
IP address blocks:        5.182.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/209544-7bf2-4e13-87e6-be026bf67163/1/ty37EnJ-RgDKLwGRt9GgI1MucsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/209544-7bf2-4e13-87e6-be026bf67163/1/ty37EnJ-RgDKLwGRt9GgI1MucsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ty37EnJ-RgDKLwGRt9GgI1MucsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e5:fd:f1:be:9e:cb:5b:5b:5c:91:2d:14:59:ee:02:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72dfb12727e4600ca2f0191b7d1a023532e72c0
        Validity
            Not Before: Mar 13 06:59:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf3a8742d4acd8b975ee4221ceeee2e05c746cce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ea:71:78:75:62:8e:62:80:e1:30:7e:2c:7c:
                    e1:40:f3:ed:f9:2b:77:22:85:4b:44:3b:c0:c9:94:
                    02:c9:b5:9c:95:5f:47:47:ee:ab:1f:3c:2f:ec:41:
                    d5:21:48:1c:d3:12:8f:ee:85:25:cb:ad:69:e9:d1:
                    70:ed:2d:9c:9f:94:65:cf:11:bd:6b:7a:af:70:03:
                    84:68:ab:a4:f3:88:11:1f:4a:e7:01:57:2a:f7:76:
                    ea:d8:ba:4f:35:f9:0c:02:5d:cd:4d:d4:be:e0:cc:
                    5f:1f:21:cd:4f:8f:4f:a5:60:ff:03:29:bd:2c:93:
                    75:f4:6f:62:b3:fa:89:a5:44:d3:5e:be:e0:71:2b:
                    83:65:89:46:e5:90:ed:eb:82:6c:67:01:52:12:2d:
                    50:14:c3:1b:ed:8b:97:72:97:e4:31:12:a3:20:f9:
                    9c:dd:a2:36:19:d9:09:9f:fa:fe:fe:bb:71:62:b7:
                    0d:5c:f2:ed:e9:b6:e9:52:7d:87:72:0f:bf:31:80:
                    8a:9c:19:80:1a:a9:74:38:ca:43:fa:77:ad:d8:b5:
                    67:be:44:ac:3f:8c:8e:42:28:4e:f8:98:e8:a4:c3:
                    35:14:a9:f9:9f:a8:54:d7:67:94:b0:39:59:3e:f7:
                    e9:99:c1:1d:f6:f0:90:9c:be:ab:85:7d:3f:87:1c:
                    24:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:3A:87:42:D4:AC:D8:B9:75:EE:42:21:CE:EE:E2:E0:5C:74:6C:CE
            X509v3 Authority Key Identifier:
                keyid:B7:2D:FB:12:72:7E:46:00:CA:2F:01:91:B7:D1:A0:23:53:2E:72:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ty37EnJ-RgDKLwGRt9GgI1MucsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/209544-7bf2-4e13-87e6-be026bf67163/1/vzqHQtSs2Ll17kIhzu7i4Fx0bM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/209544-7bf2-4e13-87e6-be026bf67163/1/ty37EnJ-RgDKLwGRt9GgI1MucsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:e3:29:e8:0d:3b:57:71:9f:f7:e7:79:ed:68:0c:50:22:5a:
         bb:01:eb:b2:39:4f:f2:18:77:af:75:6b:64:19:79:51:f9:fe:
         ed:84:a5:30:26:b2:f7:7c:3b:68:68:be:1e:83:1e:d8:30:3b:
         d4:69:33:54:0c:2e:9e:b7:78:dd:7e:05:cb:f5:6d:32:95:ce:
         3d:0f:cd:6e:79:27:28:69:9f:73:11:8c:00:6b:35:e5:f9:cc:
         06:90:31:b4:22:ad:85:2c:a3:98:87:2e:a9:78:36:94:45:df:
         dd:2b:c9:15:f4:86:c8:7f:cf:16:4a:e8:f4:61:9e:5f:33:ee:
         53:47:79:5e:6c:10:93:9e:1d:2f:10:02:66:be:52:2c:e8:04:
         09:f7:d8:89:89:03:53:2c:b2:eb:f2:0c:2f:e0:84:dc:29:21:
         9d:9f:e0:ea:0c:94:dc:7e:fa:b9:f0:08:b1:4e:d1:b4:cf:3f:
         33:87:24:e2:55:45:09:68:87:09:a4:cc:d9:05:d5:35:ea:d0:
         59:74:e9:5c:fc:15:0a:fa:fc:8f:67:84:30:22:5e:9c:f0:ef:
         5b:cd:f3:a0:e5:87:a6:47:f4:90:c5:ce:48:55:ab:3d:69:4a:
         08:46:77:b3:ce:eb:e6:60:6d:2a:74:63:43:59:62:42:4f:c4:
         2e:d4:29:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzl/fG+nstbW1yRLRRZ7gI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MmRmYjEyNzI3ZTQ2MDBjYTJmMDE5MWI3ZDFhMDIzNTMy
ZTcyYzAwHhcNMjYwMzEzMDY1OTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjNhODc0MmQ0YWNkOGI5NzVlZTQyMjFjZWVlZTJlMDVjNzQ2Y2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxupxeHVijmKA4TB+LHzhQPPt+St3
IoVLRDvAyZQCybWclV9HR+6rHzwv7EHVIUgc0xKP7oUly61p6dFw7S2cn5RlzxG9
a3qvcAOEaKuk84gRH0rnAVcq93bq2LpPNfkMAl3NTdS+4MxfHyHNT49PpWD/Aym9
LJN19G9is/qJpUTTXr7gcSuDZYlG5ZDt64JsZwFSEi1QFMMb7YuXcpfkMRKjIPmc
3aI2GdkJn/r+/rtxYrcNXPLt6bbpUn2Hcg+/MYCKnBmAGql0OMpD+net2LVnvkSs
P4yOQihO+JjopMM1FKn5n6hU12eUsDlZPvfpmcEd9vCQnL6rhX0/hxwkuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL86h0LUrNi5de5CIc7u4uBcdGzOMB8GA1UdIwQY
MBaAFLct+xJyfkYAyi8BkbfRoCNTLnLAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHkzN0VuSi1SZ0RLTHdHUnQ5R2dJMU11Y3NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8yMDk1NDQtN2JmMi00ZTEzLTg3ZTYt
YmUwMjZiZjY3MTYzLzEvdnpxSFF0U3MyTGwxN2tJaHp1N2k0RngwYk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8yMDk1NDQtN2JmMi00ZTEzLTg3ZTYtYmUwMjZiZjY3MTYz
LzEvdHkzN0VuSi1SZ0RLTHdHUnQ5R2dJMU11Y3NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbaUMA0G
CSqGSIb3DQEBCwUAA4IBAQBH4ynoDTtXcZ/353ntaAxQIlq7AeuyOU/yGHevdWtk
GXlR+f7thKUwJrL3fDtoaL4egx7YMDvUaTNUDC6et3jdfgXL9W0ylc49D81ueSco
aZ9zEYwAazXl+cwGkDG0Iq2FLKOYhy6peDaURd/dK8kV9IbIf88WSuj0YZ5fM+5T
R3lebBCTnh0vEAJmvlIs6AQJ99iJiQNTLLLr8gwv4ITcKSGdn+DqDJTcfvq58Aix
TtG0zz8zhyTiVUUJaIcJpMzZBdU16tBZdOlc/BUK+vyPZ4QwIl6c8O9bzfOg5Yem
R/SQxc5IVas9aUoIRnezzuvmYG0qdGNDWWJCT8Qu1ClY
-----END CERTIFICATE-----